Mobile Hacking: How Safe Is Your Smartphone?

New instances of phone hacking seem to emerge from Rupert Murdoch’s empire on a daily basis. But are the reports of interest beyond Murdoch and his detractors? Should you, as a consumer, fear that your phone will be hacked?

Not yet. Experts say that it’s still fairly easy to hack into your phone, but unless you’re a celebrity, you’re unlikely to be a target. Don’t get too comfortable, though. The era of safe mobile computing may be coming to an end as smartphones and other mobile devices become more popular than PCs.

For the moment, however, phone hacking is the farm team version of big league PC hacking. Methods — particularly in the case of the Murdoch charges which stretch back a decade in some cases — are pretty old school. Robert Siciliano, a McAfee consultant and identity theft expert, says probably the most prevalent way people hack phones is via “social engineering,” a.k.a. lying. For instance, a would-be hacker might call you and pose as the phone company saying they need to update your account and need your password. Or the hacker might get enough of your information to call the phone company and pose as you.

Steve Santorelli, director of global outreach at the Internet security research group Team Cymru, and former Scotland Yard police officer, says that the Murdoch phone hacks probably didn’t even take that much effort. It’s likely, he says, that the victims left a default password provided by the carrier on their phone and the hackers merely guessed correctly. Santorelli says that some carriers still use default passwords. Lesson: Change your passwords often.

There are, of course, more technologically savvy ways to hack your phone as well. A would-be hacker, for instance, might get a bit of information about your account and send a phishing email purportedly from your carrier asking you to log in. At that point they will have your password and other sensitive information. Smartphones also provide an opportunity to install monitoring software. iPhone owners are probably the safest in that regard, unless they jailbreak their phones, Siciliano says. Android users are less secure since publishers can upload their apps directly to Android Market. In March, hackers added malicious code to 58 Android apps, infecting 250,000 phones. “Android is more vulnerable because it’s a more open system,” says Siciliano. “While Google does vet its apps, some do slip by that are malicious.”

Once an app is installed, it can record all your calls and texts and, depending on what kind of apps you have and what you do with your phone, possibly get personal data related to banking and credit cards. There are other possibilities as well. A hacker could commandeer your phone into sending thousands of texts or making calls beyond your monthly minutes, causing you to rack up huge bills.

Such attacks are still pretty rare.”The low hanging fruit is still the PC,” says Siciliano. “If you are a criminal hacker, Microsoft’s OS is the most hacked software on the planet.” Yet that could be changing quickly. A recent survey by Flurry showed that consumers are now spending more time on mobile apps than on the web. Another by Mary Meeker of Kleiner Perkins Caufield & Byers estimated that combined tablet and smartphone shipments eclipsed those of desktops and laptops this year for the first time.

Security firms have taken notice. Market research firm Infonetics predicts sales of mobile security software will grow 50% each year through 2014, when it will hit $2 billion. AT&T also plans to start selling a security offering to customers next year.

In short, sometime soon phone hacks may not just be Hugh Grant’s problem. Says Santorelli: “If I had money right now, I’d bet on the Russian mafia. Mobile hacking is going to be huge.”